author photo
By Clare O’Gara
Tue | Aug 6, 2019 | 12:34 PM PDT

Oh, Florida cities. Will you ever learn?

The City of Naples just joined the growing list of cyber theft victims.

Only this time, the culprit didn't use ransomware.

[RELATED: Florida, the Ransomware State?]

'No data breach occurred:' how Naples became a victim of spear phishing

In Naples, the thief used old-fashioned trickery to steal $700,000.

According to Naples Daily News, a targeted, spear phishing email managed to fool city employees:

The funds were paid to a fake bank account the attacker provided while posing as a representative from the Wright Construction Group, which was doing infrastructure work on Eighth Street South in downtown Naples, according to a news release.

And apparently, this kind of phishing attack has even happened to other Florida cities:

Collier Mosquito Control District was the victim of a similar spear phishing attack a year ago that began when the director of administration at Collier Mosquito Control received an email about the district's health insurance.

After speaking with the supervisor, the administrator believed the email was legitimate and sent the money ($12,000) to the requested account.

We might have to change Florida from "the ransomware state" to the "cyber theft state."

Different from ransomware: the mixed bag

This case of cyber theft has a few upsides and downsides.

On one hand, the attack had no effect on the Naples' data systems, which has been the case for other cities.

City Manager Charles Chapman said the attack, which is currently under criminal investigation, was an isolated incident and has not impacted the city's data systems.

"The city’s data systems are safe and secure," he said in a statement. "This attack was not malware or ransomware (and) no data breach occurred. The city has and will continue to make improvements to our information technology systems."

The downside, though, is that the thief didn't have to use malware to steal such a huge sum of money from a municipal government.

“We take cyber security very seriously. We actively train our employees to identify cyber security threats," said Chapman.

Unfortunately, this one somehow fooled employees.